Magistrates’ courts can now impose unlimited fines for DP Act criminal offences

Since 12 March, Magistrates’ courts are no longer limited to £5,000 fines for criminal offences under the DP Act.

The Legal Aid, Sentencing and Punishment of Offenders Act 2012 (Fines on Summary Conviction) Regulations 2015, which allow for an unlimited fine, were adopted on 11 March 2015 and entered into force on 12 March 2015.

Individuals can be convicted of a criminal offence under S 55 of the DP Act if they obtain or disclose personal data without the consent of the data controller. The ICO has for many years been lobbying for more effective sentences, and a custodial sentence for the most serious ‘blagging’ breaches committed by those selling personal data to private investigators or journalists.

The change is not intended to penalise public sector DP managers who might have made an error of judgement when sharing data for legitimate reasons, or have been deceived to disclose information. PL&B put a question to the ICO whether DP managers could, in any event, become legally responsible for such failures. The ICO’s spokesman said that, as with any other employee, a DP manager could conceivably commit a criminal offence under s55 DP Act as before. Apart from that, DP managers are unlikely to be affected by the removal of the £5,000 cap.